Part 1:


Answer the following questions by clearly circling the most appropriate answer [ 1 mark each ] 


1. True or False: Digital signatures provide the ability to authenticate message content but do not authenticate message source.

a. True

(b.) False

2. True or False: Cryptographic hash functions are required to be one-way and collision-resistant.

(a.) True

b. False 

3. In public key cryptography if X wants to send an encrypted confidential message to Y 

a. X encrypts message using his private key 

b. X encrypts message using Y's private key 
(c.) X encrypts message using Y's public key

d. X encrypts message using his public key

4. Message authentication codes (MAC) and digital signatures both serve to authenticate the 
content of a message. Which of the following best describes how they differ? 

a. A MAC can be verified based only on the message, but a digital signature can only be 
verified with the secret key used to sign the message. 

b. A MAC can be verified based only on the message, but a digital signature can only be 
verified with the public key of the party that signed the message. 

c. A MAC can only be verified with the secret key used to generate it, but a digital 
signature can be verified based only on the message. 

(d.) A MAC can only be verified with the secret key used to generate it, but a digital
signature can be verified with the public key of the party that signed the message.

5. Which of the following is not a many-to-one function for message M?

a. MAC (M, K) 

b. Hash (M) 

(c.) RSA_Encryption (M, e, n), where e and n are the public key

d. Digital Signature (M) 

6. On many occasions, systems have been broken not because of a poor encryption
algorithm, but because of poor key selection or management. Which of the following is a
desirable action to address this problem?

(a.) frequent key changes 

b. frequent encryption algorithm changes 

c. Use multiple encryption algorithms 

d. Use multiple hash algorithms 

7. A digital signature is required

i. to tie an electronic message to the sender's identity 

ii. for non-repudiation of communication by a sender

iii. to prove that a message was sent by the sender in a court of law 

iv. in all e-mail transactions 

a. i and ii

b. i, ii, iii

c. iii, iv

d. ii, iv



8. The responsibility of a certification authority (CA) for digital signature is to authenticate the

a. hash function used 

b. private keys of subscribers 
(c.) public keys of subscribers

d. key used in DES 

9. Which of the following is not an SSL protocol?

a. SSL handshake protocol 

b. SSL change cipher Spec protocol 

c. SSL record protocol 

(d.) SSL session protocol


10. HTTPS refers to 

a. The HTTP and SSL handshake that allows the server and client to authenticate each 
other and to negotiate encryption 

b. The HTTP and SSL establishment of security capabilities by the client to initiate and 
establish capabilities 

c. The combination of HTTP and SSL to implement secure communication between a
web browser and a web server. 

d. The HTTP-specific protocol that causes the pending state to be copied into the current state

Part 2:

1. Suppose that Alice chooses for an RSA system the primes p = 61 and q = 41, and the
public key e = 7. [3 marks]

(a) Write the equation to encrypt the plaintext M = 254

(b) Write the equation to decrypt the ciphertext C=545 with d = 343 




2. In RSA key setup, assume p=3, q=11 and e=7. Compute the public and private keys: [ 3 marks ]


3. In RSA, why must the primes p, q not be easily derived from the modulus n = p.q? [ 1 point ]


4. Alice chooses for an RSA system the primes p = 7 and q = 11, and the public key e = 7 to
encrypt message M = 88. What is wrong with the RSA setup (besides using small numbers)? [ 1 mark ]


5. Why was public key cryptography developed? List two issues resolved by public key [ 2 points ]

Part 3:

1. List four ways of distributing public keys. [ 2 points ]


2. List one drawback for public key authorities [ 1 point ]


3. What is the probability of finding a collision for an ideal 60-bit hash function? What is the
main reason for this probability? [2 points]

4. Explain the birthday attack by an adversary who wishes to find two messages or data
blocks, x and y, that yield the same hash function; H(x) = H(y). [ 3 points ]


5. Detail what is the difference between a Hash Function and a Cryptographic Hash
Function? [ 2 points ]


Part 4:


1. List two of the four protocols of the SSL protocol. [ 1 point ]

2. In SSL handshake, the last phase sends finished_message from client to server. What is
the main content and purpose of this message? [ 2 points ]

3. What is the purpose of the dual signature in SET protocol? [ 2 points ] 


4. What is HTTPS Protocol? [ 1 point ] 


5. In SET protocol, the merchant forwards to the payment gateway (bank) encrypted blocks
of related payment information sent by the cardholder. What do the encrypted blocks
contain, and what type of verification does the payment gateway perform from them?

6. Suppose an attacker records an entire SSL session between a bank and a bank customer. 
Can the attacker replay the session to the bank, and potentially cause the customer to pay 
the same bill twice? If yes, explain why. If not, briefly explain what prevents this form of 
replay in SSL. [ 2 marks ] 





